Super Admin Features

Overview

The Super Admin system provides administrative capabilities to authorized users only. This document outlines the purpose, implementation, and usage of super admin features.

Configuration

Super admin access is controlled by an environment variable:

SUPER_ADMIN_EMAIL=your_email@example.com

Set this environment variable to the email address of the user who should have super admin privileges. If it is not set, the system falls back to a hardcoded email address (ayoelutilo@gmail.com) in production; outside production, no user is treated as a super admin.

Available Features

Currently, the super admin has access to:

  1. WordPress Cache Management

    • Clear all WordPress post caches
    • Force refresh of content from WordPress API
  2. System Information (planned)

    • View system diagnostics
    • Monitor performance metrics
  3. Admin Settings (planned)

    • Configure system-wide settings
    • Manage feature flags

Implementation Details

Authentication and Access Control

Super admin status is determined by comparing the currently logged-in user's email address with the configured super admin email. This check is performed both on the server side (for API endpoints) and on the client side (for UI elements).

```typescript
// Utility function to check super admin status
export function isSuperAdmin(email: string | undefined | null): boolean {
  if (!email) return false

  const superAdminEmail = process.env.SUPER_ADMIN_EMAIL

  if (!superAdminEmail) {
    return process.env.NODE_ENV === 'production'
      ? email === 'ayoelutilo@gmail.com'
      : false
  }

  return email === superAdminEmail
}
```

WordPress Cache Clearing

The WordPress cache clearing functionality leverages the existing cache invalidation system:

  1. An API endpoint at /api/admin/clear-wordpress-cache validates the user is a super admin
  2. If authorized, it calls the invalidatePostsCache() function
  3. The cache is cleared, and fresh content will be fetched on the next access

Security Considerations

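  1. Super admin status is checked on both the client and the server: the client-side check controls which UI elements are shown, and the server-side check on API endpoints is what prevents unauthorized access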
  2. API endpoints for admin features implement strict authentication checks
  3. Admin page navigation is protected with server-side redirects
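
A fail-closed variant of the email check and the cache-clearing endpoint guard described above, as an added example rather than the project's own code. The session shape, the `emailVerified` flag, the names `isSuperAdminStrict` and `handleClearWordPressCache`, and the status codes are assumptions; the environment is passed in as a parameter so the logic can be tested in isolation.

```typescript
// Added example. Only SUPER_ADMIN_EMAIL and invalidatePostsCache come from the page.
type Env = Record<string, string | undefined>;
// Assumed session shape; emailVerified means the identity provider confirmed the address.
type Session = { user?: { email?: string | null; emailVerified?: boolean } } | null;
type Result = { status: 200 | 401 | 403; body: string };

// Trim and lowercase so stray whitespace or casing in the env var cannot lock the admin out.
function normalizeEmail(value: string | null | undefined): string {
  return (value ?? "").trim().toLowerCase();
}

// Fail closed: if SUPER_ADMIN_EMAIL is unset or blank, nobody is a super admin.
function isSuperAdminStrict(email: string | null | undefined, env: Env): boolean {
  const configured = normalizeEmail(env["SUPER_ADMIN_EMAIL"]);
  const candidate = normalizeEmail(email);
  return configured !== "" && candidate !== "" && candidate === configured;
}

// Server-side guard for the cache-clearing endpoint; the cache function is injected.
function handleClearWordPressCache(
  session: Session,
  env: Env,
  invalidatePostsCache: () => void,
): Result {
  const email = session?.user?.email;
  if (!email) return { status: 401, body: "Not authenticated" };
  // An unverified address proves nothing about who controls the mailbox.
  if (session?.user?.emailVerified !== true || !isSuperAdminStrict(email, env)) {
    return { status: 403, body: "Forbidden" };
  }
  invalidatePostsCache();
  return { status: 200, body: "Cache cleared" };
}

// Constructed sample sessions: anonymous, ordinary user, unverified admin, verified admin.
function runSamples(env: Env): { statuses: number[]; cacheClears: number } {
  let cacheClears = 0;
  const sessions: Session[] = [
    null,
    { user: { email: "visitor@example.com", emailVerified: true } },
    { user: { email: "admin@example.com", emailVerified: false } },
    { user: { email: "admin@example.com", emailVerified: true } },
  ];
  const statuses = sessions.map(
    (s) => handleClearWordPressCache(s, env, () => { cacheClears += 1; }).status,
  );
  return { statuses, cacheClears };
}
```

With the variable unset, every sample request is rejected and the cache function is never called, whatever the value of `NODE_ENV`.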

Future Enhancements

Planned enhancements for the admin system include:

  1. User management features
  2. Content moderation tools
  3. System configuration interface
  4. Analytics dashboard

Testing Super Admin Features

To test super admin features:

  1. Ensure your email is set in the SUPER_ADMIN_EMAIL environment variable
  2. Log in to the application
  3. Access the admin interface by clicking the Admin link in your profile settings
  4. Use the WordPress cache clearing feature to refresh content